By Owen Fletcher and Robert McMillan
IDG News Service
February 24, 2010
A hacker who took down top Chinese search engine Baidu.com last month
broke into its account with a U.S. domain name registrar by pretending
to be from Baidu in an online chat with the registrar's tech help,
according to a lawsuit filed by Baidu.
Support staff at the registrar, Register.com, then refused to aid Baidu
when first contacted about Baidu.com redirecting users to a Web page
that declared, "This site has been hacked by the Iranian Cyber Army,"
the Baidu complaint alleges. The complaint was filed last month in U.S.
District Court for the Southern District of New York, but the court only
recently released an unredacted copy of the complaint.
The complaint says Baidu's service was disrupted for five hours by the
hack and seeks millions of dollars allegedly lost in revenue and other
The attack began on the afternoon of Jan. 11 when the hacker contacted
Register.com tech help via online chat and claimed to be from Baidu, the
complaint alleges. The attacker asked a support representative to change
Baidu's e-mail address on file. The representative then sent a
confirmation code to Baidu's e-mail account even though the hacker
answered a security question incorrectly, the complaint alleges.
Register now for HITBSecConf2010 - Dubai, the premier
deep-knowledge network security event in the GCC,
featuring keynote speakers John Viega and Matt Watchinski!